Logs for Object Storage

Akamai Cloud Pulse Logs generates logs from Akamai Cloud services, like Object Storage, and delivers them to whatever destination you define. This guide covers logs specific to the S3 API in Object Storage. For details on logs specific to the Linode API, see the Logs page.

Cloud Pulse Logs for Object Storage is currently in limited availability and may not be accessible from your account. To gain access, please open a support ticket and request to join the limited availability program for this feature.

For the S3 API, logs are categorized into two main groups: management events and data events. Currently only management events are supported in Cloud Pulse.

Management events

Management events provide information on who created, modified or deleted storage resources or settings in Object Storage. The following table lists all management events (S3 API operations) and marks which ones are logged through Cloud Pulse. Cloud Pulse currently supports all write operations. Read-only operations are not yet supported.

Management event (S3 API operation)    Logged in Cloud Pulse
CreateBucket                           Yes
DeleteBucket                           Yes
DeleteBucketLifecycle                  Yes
DeleteBucketPolicy                     Yes
GetBucketAcl                           No
GetBucketLifecycleConfiguration        No
GetBucketLocation                      No
GetBucketPolicy                        No
GetBucketVersioning                    No
GetObjectLockConfiguration             No
HeadBucket                             No
ListBuckets                            No
ListMultipartUploads                   No
ListObjects                            No
ListObjectsV2                          No
ListObjectVersions                     No
PutBucketAcl                           Yes
PutBucketLifecycleConfiguration        Yes
PutBucketPolicy                        Yes
PutBucketVersioning                    Yes
PutObjectLockConfiguration             Yes

Event example

This example shows a log for the CreateBucket event; every event listed above shares the same structure. To determine which S3 API operation generated a logged event, check the data.eventcode field in the log file. If this field does not start with s3, then the event came from the Linode API instead of the S3 API.

{
    "specversion": "1.0",
    "id": "99f77d13-b398-49f4-b747-24c457609c75",
    "source": "/service/object-storage",
    "type": "com.akamai.audit.config",
    "time": "2026-01-28T15:33:11.123Z",
    "account": "3368DF1D-ACD8-4B70-836233949E92499B",
    "data": {
        "requestid": "bc7ddf499cde5aee66ce06efcb4f0384",
        "eventcode": "s3:CreateBucket",
        "starttime": "2026-01-28T15:32:59.456Z",
        "endtime": "2026-01-28T15:33:11.123Z",
        "responsecode": 200,
        "actor": {
            "type": "user",
            "accesskeyid": "3H7HG3IV6EUP3EXAMPLE",
            "sourceip": "192.0.2.1",
            "useragent": "aws-cli/2.31.13 md/awscrt#0.27.6 ua/2.1 os/macos#24.6.0 md/arch#arm64 lang/python#3.13.8 md/pyimpl#CPython m/b,E,C,n,Z,N cfg/retry-mode#standard md/installer#source md/prompt#off md/command#s3.ls"
        },
        "resources": [
            {
                "Bucket": "my-bucket-name",
                "region": "sg-sin",
                "s3_endpoint": "sg-sin-1.linodeobjects.com"
            }
        ]
    }
}

Most of the fields in the example above are described within the Configuration audit logs example of the Logs page. However, there are a few fields specific to S3 API management event logs:

  • data.starttime: The time the S3 endpoint first received the request.
  • data.endtime: The time the S3 endpoint finished processing the request.
  • data.actor.type: While this field appears in other event logs, there are differences for S3 API events. A value of user for the S3 API indicates that this request was made by a specific access key, identified in the data.actor.accesskeyid field. A value of anonymous means that the request was not signed.
  • data.actor.accesskeyid: The S3 access key ID string. Only present for actor type user (not anonymous).
  • data.resources: A list (JSON array) of resources referenced by this request.
    • data.resources[0].Bucket: The name of the bucket targeted by this S3 API operation.
    • data.resources[0].region: The region in which the S3 endpoint is located.
    • data.resources[0].s3_endpoint: The hostname of this bucket's S3 endpoint.
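
The following Python example is added here and is not part of Akamai's documentation. It uses the fields described above to separate S3 API events from Linode API events by the data.eventcode prefix, flag unsigned requests and bucket access-control changes, and compute processing time from data.starttime and data.endtime. It assumes one JSON event per line and that every operation follows the s3:<Operation> form of the CreateBucket example; the function names, flag names and sample events are constructed.

```python
import json
from datetime import datetime

# Operations from the page's table that change who can access a bucket.
ACCESS_CONTROL_OPS = {"PutBucketAcl", "PutBucketPolicy", "DeleteBucketPolicy"}

def parse_ts(value):
    # Timestamps in the page's example are ISO 8601 with a trailing "Z".
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def triage(line):
    """Summarize one log line; return None for events not from the S3 API."""
    data = json.loads(line).get("data", {})
    code = data.get("eventcode", "")
    if not code.startswith("s3"):
        return None  # per the page, this event came from the Linode API
    operation = code.partition(":")[2] or code
    actor = data.get("actor", {})
    flags = []
    if actor.get("type") == "anonymous":
        flags.append("unsigned-request")
    if operation in ACCESS_CONTROL_OPS:
        flags.append("access-control-change")
    elapsed = parse_ts(data["endtime"]) - parse_ts(data["starttime"])
    return {
        "operation": operation,
        "accesskeyid": actor.get("accesskeyid"),  # absent for anonymous actors
        "sourceip": actor.get("sourceip"),
        "buckets": [r.get("Bucket") for r in data.get("resources", [])],
        "seconds": elapsed.total_seconds(),
        "flags": flags,
    }

def triage_all(lines):
    return [s for s in map(triage, lines) if s is not None]

def sample(code, actor):
    # Constructed sample event, reduced to the fields triage() reads.
    return json.dumps({"data": {"eventcode": code, "actor": actor,
        "starttime": "2026-01-28T15:32:59.456Z", "endtime": "2026-01-28T15:33:11.123Z",
        "resources": [{"Bucket": "my-bucket-name", "region": "sg-sin"}]}})

SAMPLE_LINES = [  # constructed input; the third eventcode is a placeholder
    sample("s3:CreateBucket", {"type": "user", "accesskeyid": "3H7HG3IV6EUP3EXAMPLE", "sourceip": "192.0.2.1"}),
    sample("s3:PutBucketPolicy", {"type": "anonymous", "sourceip": "192.0.2.1"}),
    sample("placeholder_linode_api_event", {"type": "user"}),
]

if __name__ == "__main__":
    for summary in triage_all(SAMPLE_LINES):
        print(summary)
```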